With most of our digital lives now revolving around smartphones and tablets, mobile security has become a major concern. This course looks in depth at all aspects of mobile security. Beginning with risk assessment of mobile applications, we examine the various dangers and threats that put consumer and data privacy at risk. We cover real-world examples of security breaches, either of the smartphone security framework or by 3rd party applications. Concepts of rooting/jailbreaking will be covered to show how 3rd party apps can be installed on the device. The training also covers in detail the security frameworks of different mobile platforms like Apple & Android, with an understanding of common threats and best security practices. Secure mobile application design strategies will be put forward to encourage programmers and developers to write secure code in their application(s), making for robust and hardened apps. This will ensure the highest levels of security in the apps and, in turn, peace of mind for the clients.
Who should attend?
- This course is aimed at Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.
Android application security
- Introduction to Android
- Android Security Architecture
- What is ADB.
- Setting up Android Pentesting Environment (Genymotion)
- Android Applications Components
- Shell connection using SSH, VNC and virtual emulator
- Setting up a Burp proxy.
- APK files in a nutshell.
- Android application manipulation with Apktool
- Dex Files Analysis.
- Using dex2jar and other tools
- Reading and modifying Dalvik Bytecode
- Adding Android application functionality, from Java to Dalvik Bytecode
- Reversing android applications.
- Logging based Vulnerabilities
- Analysing Android Traffic
- Static and Dynamic Analysis of Android Malware.
- Bypassing SSL pinning.
- Leaking Content Providers
- Client Side Injections.
- Read Based Content Providers Vulnerabilities
- Insecure Data Storage
- Broken Cryptography
- Hooking Introduction and setting vulnerable Application
- Android application interaction and Intent manipulation with Drozer
- Effective Android application analysis with Androwarn
- Exploiting Android devices with Metasploit
- Testing for the OWASP Top 10 of Mobile Applications:
- Improper Platform Usage
- Insecure Data Storage
- Insecure Communication
- Insecure Authentication
- Insufficient Cryptography
- Insecure Authorization
- Client Code Quality
- Code Tampering
- Reverse Engineering
- Extraneous Functionality
- MVC And Event Driven Architecture
- ARM Processor
- iOS Security Mechanisms
- Security Architecture
- Secure Boot Chain
- Loading Trusted Applications
- Application Isolation
- Data Encryption
- Network Security
- What is JB
- Why JB
- Types of JB
- Cydia : Logging into your Jailbroken Device
- Tools to install
- SQLite Databases
- Plist Files
- Introduction & Case studies
- Principle of CIA
- Runtime Analysis with Cycript
- Lifecycle of an Application
- UIApplication Tasks
- UIApplication Delegate
- UIApplication windows
- Cycript + Class-dump-z
- Decrypting Applications
- Runtime Analysis with GDB
- Installing Installous
- Upload challenge applications via Installous
- Data Storage and security
- SQLite Data Files
- Core Data Services
- Cached Data
- Monitoring Network Communications
- Backend Web Services Attack
- Authentication Authorization and Session Management Attacks
- XML Parsing Bugs
- Improper Encryption
- Directory Traversal Attacks
- Insecurity due to underlying C
- UDID Privacy Concerns
- Application Fuzzing
Faculty has good trainers. Yes, the course met its objective.
Bhushan Jeevan Rane, Assistant Manager – SHCIL
Faculty has delivered the content clearly. He has a good subject knowledge.
Mukesh Lokre, Information Security Analyst – Travelex
Faculty has excellent knowledge on Mobile testing & has delivered it very well. Yes, the course met its objective.
Information Security Analyst – Travelex
Very impressive, knowledgeable, technically sound & skilled trainers.
Chinmay Dhawale, Information Security Analyst – Travelex
Faculty has good understanding of the subject & well versed with testing methodologies. Yes the course was helpful in giving an insight into mobile application test, how to get it started & tested.
Priyanka Sovasaria, Information Security Analyst – Travelex
Faculty is good & has explained the topics very well.
Shital Ranadive, Info Security Analyst – IDBI Intech Ltd
Faculty has in-depth knowledge & experience on security vulneralisation.
Vinay Kumar, Asst. Professor (Vasavi College Of Engineering)
Faculty is excellent.
Vaibhav Jindal, Project Manager (Bharti Axa Life)
Faculty has demonstrated the topic pretty well and the hands-on training was very helpful.
Abhijay Singh, Analyst (IDBI Intech)